Hello,
Any feedback on this?
Thanks

On Sun, Nov 5, 2017 at 9:16 PM, Philippe Mouawad <p.moua...@ubik-ingenierie.com> wrote:

> Hello,
> I am having issues making Digest auth work in Tomcat 8.5.23 for manager
> application.
>
> I have done the following:
>
> 1) Edit server.xml and have set MessageDigestCredentialHandler with SHA-256
>     <Realm className="org.apache.catalina.realm.LockOutRealm">
>       <!-- This Realm uses the UserDatabase configured in the global JNDI
>            resources under the key "UserDatabase". Any edits
>            that are performed against this UserDatabase are immediately
>            available for use by the Realm. -->
>       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>              resourceName="UserDatabase">
>         <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler"
>                            algorithm="SHA-256" />
>       </Realm>
>     </Realm>
>
> 2) Generated password using:
>     ./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s 0 password1234
>
> I also tried:
>     ./digest.sh -a SHA-256 -h org.apache.catalina.realm.MessageDigestCredentialHandler -i 1 -s 0 tomcat:UserDatabase:password1234
>
> 3) Set the last part of password following "password1234:" in
> tomcat-users.xml
>     <role rolename="manager-gui"/>
>     <role rolename="admin"/>
>     <role rolename="manager"/>
>     <user username="tomcat" password="b9c950640e1b3740e98acb93e669c65766f6670dd1609ba91ff41052ba48c6f3"
>           roles="manager-gui,admin,manager"/>
>
> 4) Edit /webapps/manager/WEB-INF/web.xml
>
>     <login-config>
>       <auth-method>DIGEST</auth-method>
>       <realm-name>UserDatabase</realm-name>
>     </login-config>
>
> I then try to login to http://localhost:8080/manager/html and enter admin
> and password1234
> it fails.
>
> There must be something I am missing.
>
> Sorry if I misread some documentation or if my question is stupid, these
> are the docs I have seen:
> - https://tomcat.apache.org/tomcat-8.5-doc/config/credentialhandler.html#MessageDigestCredentialHandler
>   Note the start of this part is not that clear for me.
>   I think my format is *salt$iterationCount$encodedCredential* - a hex
>   encoded salt, iteration code and a hex encoded credential, each
>   separated by $
>
> I have also tried solutions described here without success:
> - http://www.techpaste.com/2013/05/enable-password-encryption-policy-tomcat-7/
> - https://stackoverflow.com/questions/39967289/how-to-use-digest-authentication-in-tomcat-8-5
> - https://stackoverflow.com/questions/2978884/tomcat-digest-with-manager-webapp
>
> Regards
> Philippe
>

--
Regards.
Philippe Mouawad.
Ubik-Ingénierie

UBIK LOAD PACK Web Site <http://www.ubikloadpack.com/>
UBIK LOAD PACK on TWITTER <https://twitter.com/ubikloadpack>
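
Added example, not part of the original message and not Tomcat code: a small Python check that parses a stored credential in either form mentioned above (bare hex digest, or salt$iterationCount$encodedCredential) and reports which of the two cleartext forms from step 2 produces it. The function names are hypothetical, the sample stored values are constructed, and the way salt and iteration count are applied (salt prepended, digest re-hashed) is an assumption.

```python
import hashlib
import hmac

def mutate(cleartext, algorithm="SHA-256", salt=b"", iterations=1):
    """Hex digest of salt + cleartext, re-hashed (iterations - 1) times.
    Assumption: this is how the handler applies salt and iteration count."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    name = algorithm.replace("-", "").lower()   # "SHA-256" -> "sha256"
    digest = hashlib.new(name, salt + cleartext).digest()
    for _ in range(iterations - 1):
        digest = hashlib.new(name, digest).digest()
    return digest.hex()

def parse_stored(stored):
    """Split a stored credential into (salt, iterations, hex_credential)."""
    parts = stored.strip().split("$")
    if len(parts) == 1:                 # bare hex digest: no salt, one iteration
        salt, iterations, cred = b"", 1, parts[0]
    elif len(parts) == 3:               # salt$iterationCount$encodedCredential
        salt, iterations, cred = bytes.fromhex(parts[0]), int(parts[1]), parts[2]
    else:
        raise ValueError("expected hex digest or salt$iterationCount$encodedCredential")
    bytes.fromhex(cred)                 # reject non-hex input early
    return salt, iterations, cred.lower()

def matches(cleartext, stored, algorithm="SHA-256"):
    """True if cleartext digests to the stored credential (constant-time compare)."""
    salt, iterations, cred = parse_stored(stored)
    candidate = mutate(cleartext.encode("utf-8"), algorithm, salt, iterations)
    return hmac.compare_digest(candidate, cred)

def which_cleartext(stored, user, realm, password, algorithm="SHA-256"):
    """Name the cleartext form(s) from step 2 that produce the stored value."""
    forms = {"password": password,
             "user:realm:password": f"{user}:{realm}:{password}"}
    return [name for name, text in forms.items() if matches(text, stored, algorithm)]

# Constructed sample values (not the hash from the message above).
PLAIN = mutate(b"password1234")                                   # -s 0 -i 1 form
SALTED = "00ff$3$" + mutate(b"password1234", salt=b"\x00\xff", iterations=3)

if __name__ == "__main__":
    print(which_cleartext(PLAIN, "tomcat", "UserDatabase", "password1234"))
    print(matches("password1234", SALTED), matches("wrong", SALTED))
```

Running which_cleartext against the value actually stored in tomcat-users.xml shows which digest.sh input it came from, or an empty list if neither form matches.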